CVE-2019-16792 in Waitress

Summary

by MITRE

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.
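The parsing behaviour described above, as an added example. It is a simplified model and not Waitress source code; the function names, the sample request and the strict variant are assumptions made for illustration.

```python
# Simplified model of the parsing behaviour in the description; not Waitress code.

def fold_headers(raw_head: bytes) -> dict:
    """Collect headers; repeated names are folded into one comma-separated value."""
    headers = {}
    for line in raw_head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        key = name.strip().upper().decode("latin-1")
        val = value.strip().decode("latin-1")
        headers[key] = f"{headers[key]}, {val}" if key in headers else val
    return headers

def body_length_lenient(headers: dict) -> int:
    """Behaviour the description reports: an uncastable value silently becomes 0."""
    try:
        return int(headers.get("CONTENT-LENGTH", "0"))
    except ValueError:
        return 0

def body_length_strict(headers: dict) -> int:
    """Hardened form (assumed, not the project's patch): reject instead of guessing."""
    value = headers.get("CONTENT-LENGTH", "0")
    if not (value.isascii() and value.isdigit()):
        raise ValueError(f"400 Bad Request: invalid Content-Length {value!r}")
    return int(value)

def split_request(raw: bytes, length_fn):
    """Return (body, leftover); leftover is what a pipelining server parses next."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    n = length_fn(fold_headers(head))
    return rest[:n], rest[n:]

# Constructed sample: one request carrying Content-Length twice.
SAMPLE = (b"POST /submit HTTP/1.1\r\nHost: example.test\r\n"
          b"Content-Length: 7\r\nContent-Length: 7\r\n\r\nx=1&y=2")

if __name__ == "__main__":
    print(split_request(SAMPLE, body_length_lenient))  # empty body, 7 bytes left over
    try:
        split_request(SAMPLE, body_length_strict)
    except ValueError as exc:
        print(exc)
```

With the lenient length function the 7 body bytes stay in the connection buffer as the start of the "next" request, which is the desynchronisation the description refers to; the strict function fails the request before any body is read.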


Responsible

GitHub, Inc.

Reserved

24.09.2019

Moderation

accepted

Entry

VDB-149237

CPE

ready

EPSS

0.00851

KEV

no

Activities

very low
